PS4 (Update) A New PS4 Kernel Exploit (7.02) Released by TheFl0w (PS4 6.72 Jailbreak next candidate)

The PlayStation 4 hacking/homebrew scene has been a unique journey compared to other PlayStation platforms, even those of the firmware era (PSP/Vita/PS3). The PS4 itself has been a bit unique: while development has always been there, it has come at a slower pace and for a limited audience on back-dated firmware releases. We have seen several exploited firmware versions on the PlayStation 4 (PS4). We started the show off with 1.76, then through a few exploits climbed the ladder to 5.05 firmware, and that is still the latest firmware exploited even though the console has aged into the 7.5x era. So a new exploit is on the wish list for many.

Recently (back in March), well-known developer TheFl0w, most notable for his recent work in the PS Vita scene, where his works included various exploits and some great homebrew projects like VitaShell, turned his attention to the PS4 (see our coverage here). He announced that he had a 6.20 kernel exploit and advised the public not to update their PS4 console's firmware past 6.20, which excited many. At the time many would have updated already (v7.x), but it did become a much bigger window than the current 5.05 and upgrades existing exploited consoles with a new exploit. So this was welcome news for many waiting patiently, and sadly also fuel for the Twitter trolls out there in social media land.


Then, several weeks ago, you may have heard of a new bug bounty program for PlayStation (via https://hackerone.com/playstation). When this program was announced, a lot of opinions were shared, and various disagreements in ideology arose that seemed to become the focus of the arguments. Following some of those disputes, TheFl0w went to Twitter on June 25 with the following:


"PS4 scene, you're starting such a drama over nothing. I was actually planning to disclose something in a few weeks/months (which I will still do...) and after that, I'd like to announce my retirement, even if I was never part of that toxic and entitled "scene"."

Then today TheFl0w and hackerone.com (via the PlayStation Bug Bounty) announced that the PS4/Vita hacker has claimed a $10,000 bounty for a PS4 kernel exploit for firmware 7.02 (patched in 7.50). However, 7.02 support will need a WebKit exploit to be found and released to the public; one that supports 6.72 is already public. Here is what TheFl0w had to say about the exploit, released on July 6:
via twitter (July 6)
Here you are, https://hackerone.com/reports/826026, PS4 kernel exploit for FW 7.02 and below. Vulnerability discovered on 2019-06-09. This must be chained together with a WebKit exploit, for example https://github.com/Fire30/bad_hoist for FW 6.50.
July 6
Apologies, the WebKit exploit works up to FW 6.72.

  • So, what does this mean?
    We will be moving on from 5.05 in the future as the pieces are put together by the community, with 6.72 more than likely being the focus since a public WebKit exploit already exists for it. For 7.02, the wait will be for a WebKit exploit to be found and released to the public, as that is the entry point needed to use the kernel exploit.

    TheFl0w's entry into the PS4 scene appears to be a brief but explosive one, as the developer has also decided to call his short PS4 tenure quits, confirming what he said on June 25. Those feelings seem to have stemmed from various disagreements and attitudes he did not like (more details can be found on his Twitter).

    To summarize: a developer got $10,000 for releasing his exploit, an exploit that many are going to get to use and that upgrades from 5.05. It does look like the bounty program is not the end of the world after all, as some were suggesting.

    Stay tuned, as this is sure to mature over the next several days/weeks.
    Do not update past 6.72, and if you are currently on 5.05, stay there until this has been properly prepared for public consumption.


    Exploit disclosure: hackerone.com


I was talking with someone on temp about what sony can see on the ps4. I don't know what telemetry is sent to sony, but kiiwii's tutorials say something I didn't even notice until it was pointed out to me. apparently, the dns doesn't block all communication with sony, so they can potentially ban people using dns to run the exploit or at least as per what it says, "deactivate purchased content." the only way they could really do that is if they banned you, so I say be careful. I think my first ps4 tutorial blocks everything from sony. I got a partial list from a website, then I sniffed everything else with cc proxy. blocked addresses are listed in red, so everything was red with how my ps4 was communicating. signing in to psn or updating via the internet will result in an error, which is how you know it's working (even without dns). you can still use the internet and run the exploit, so it might be a good measure. still, there's no telling what sony can or cannot see or if they'll issue a ban. if this is true, it would mean that unless you're 100% offline, any measures used to prevent bannings such as deleting the notification.db, disabling syscalls, or deleting history would be pointless. sony would see you using content on the wrong firmware, content that doesn't belong to you, or using a debug license.
 
I hacked my PlayStation 4 console. My previous PlayStation 4 console firmware was 6.0.0 and I updated it to firmware 6.72. I have not yet installed any games on my console to see how it runs; in a few days I will install a game to see how it runs. The important thing is that sometimes my console shuts down! And I do not know if the game will be turned off or not, and I do not know what the game is like in firmware 5.05, but I think it is the same in firmware 5.05? And another point is that after each shutdown, when we turn on the console again, we have to go online and hack the console again; it is not like the PlayStation 3 console, to be hacked offline.
 
Thanks to all the developers. There are many people who do not have access to firmware 5.05 and whose PlayStation 4 console has been updated to firmware 6.0.0 or 7.0.0. What I want to know is whether there will be a custom firmware installed on the PlayStation 4 console or not.
 
Arash_receiver PS4 shutting off is normal on 6.72 mine has shut off probably at least 100 times already. But are you installing game to internal hard drive or external?
 
I'm on 6.72. It's way more reliable than i anticipated. Only failed 2 times in 10 reboots. How does one install game updates on this fw? I know on 5.05 there was a tool ps4aio for this. But on 6.72 every game update fails to install((
 
My findings as far as using an external preformatted by the PS4 (not apptousb) on 6.72.

-Your games already on external from 5.05 will not work now.
-You can't install PKG from exfat usb to external

The only thing that does work is using Remote Package installer. I transferred RE2 remake and Dirt Rally 2.0 using irefuses Ps4 remote package installer GUI (You have to use Mira (no HB) for remote package installer to work) tested those games from external and they work ok.
Where can I get the link for remote pkg installer for 6.72? I want to upgrade my vanilla persona 5 with a backup of persona 5 R remotely. If you could pm me that would be great.
 
I'm on 6.72. It's way more reliable than i anticipated. Only failed 2 times in 10 reboots. How does one install game updates on this fw? I know on 5.05 there was a tool ps4aio for this. But on 6.72 every game update fails to install((

duxa repacker? the update and game must be from the same dump or it will fail. even if on the same system, you have to do them both together or use that app. I think it requires the base pkg and update, then it will fix it for you. if not, it fails at the end of the install. it will appear to freeze. don't worry. it's working. btw, this is a pc app.
 
Where can I get the link for remote pkg installer for 6.72? I want to upgrade my vanilla persona 5 with a backup of persona 5 R remotely. If you could pm me that would be great.

I don't think your plan will work like you think, unless you're willing to play the japanese version. Persona 5 R is 7.0+ in every region except Japan. You can not backport it at all. However if you want to use the remote package installer I use PKG Remote PKG Sender by irefuse. Use ethernet if you want good speeds but you might already know that. Also it requires Mira No HB.
 
I don't think your plan will work like you think, unless you're willing to play the japanese version. Persona 5 R is 7.0+ in every region except Japan. You can not backport it at all. However if you want to use the remote package installer I use PKG Remote PKG Sender by irefuse. Use ethernet if you want good speeds but you might already know that. Also it requires Mira No HB.
I'll just get an external hard drive then. I was going to replace vanilla persona 5 I bought from psn with persona 5 R on my 500gb HDD, but if I can't get the English version, then I'll just keep the vanilla version and run the backups off an external when I buy one.
 
duxa repacker? the update and game must be from the same dump or it will fail. even if on the same system, you have to do them both together or use that app. I think it requires the base pkg and update, then it will fix it for you. if not, it fails at the end of the install. it will appear to freeze. don't worry. it's working. btw, this is a pc app.
thanks but it seems it only works with 5.05. on updates that require higher firmware like 6.20 it gives me an error. guess I'll have to wait for it to get ported(
 
Still can't properly inject bin files on 6.72....
I use offline host, NOT Al Azif's host...
I'm using xampp to start server on port 448

Or is it that GTAV 5.05 payloads MUST BE ported to 6.72
....I load Bin loader payload from Darkmodervc ...
and I DON'T get Awaiting Payload message??
Until I unplug LAN Ethernet cable...the message appears along with BLIND ERROR..
...I tried to send USING netcat...
but the port is what keeps holding me back I guess...

I tried port
9021
9030
1337
9023
21

Please help me or at least let me know if 5.05 PAYLOADS work on 6.72
..
Can I manually change GTAV payloads to 6.72
 
..big question...
I dumped a disc game...
made a fpkg...18g
it's on my PC...
I tried to copy it to my Exfat32 external hdd..
but can't..
...sooo I FTP...copying from PC to PS4 via external hdd...but I feel like it's taking forever...

Is there somewhere on HDD where I can store PKGs and install 'em from there..
like PS3 had a package folder where I can install from internal HDD...
.
just so I can save time...
 
After I plugged external hdd from PS4...
Back on PC ...
it became protected somehow and can't erase or add files from hdd....
...sooo what I did was got another external hdd, formatted it exfat32 and plugged it to PS4 to see if works, then plug back to PC..

back on PC I added the pkg game 18g from PC to NEW external....successfully..

...back on PS4
PKG showed up and installing...half way get error 30002-5..
.....
I successfully dumped disc game via dumper payload..
...use fpkg to build pkg successfully
but didn't build the patch...
..
weird, full game is apk.18g
but the new pkg I made is only 16g...
is the other part missing to complete download...game is ds3
 
not sure. did you alter the config file for the dumper? I think 3 is default, and that's dump game and patch separately. one of them is to dump both together as one game. it's not recommended. the only time I've seen a pkg error is when it has not been repackaged with duxa. that will error at the very end of the install.
 